More on data formats
dirkjan at ochtman.nl
Wed Nov 20 01:44:09 PST 2013
On Wed, Nov 20, 2013 at 10:41 AM, Lloyd Hilaiel <lloyd at hilaiel.com> wrote:
> 1. That an assertion lacks `iat` makes robust date range checking difficult.
> Specifically, it's hard to verify that you don't have an assertion with a
> future issue time. shall we add `iat` to assertion format?
That sounds sensible to me.
>  http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-17 -
> section 4.2 and 4.3 are pretty wild west about private extension naming.
> but the suggestion seems to be to add properties as you extend.
You have the wrong URL here, I think you mean
Also, Lloyed noted that that spec (JWT) currently states that 'the
"sub" value is a case-sensitive string containing a StringOrURI
value', i.e., our JSON object usage is forbidden per current spec.
More information about the Dev-fxacct